One of the key concepts behind financial technology (fintech) is that it is intended to create innovative new approaches and solutions to challenges with existing financial services. Because of fintech’s rapid and agile development, the regulatory process has had difficulty keeping pace in many cases. On the other side, fintech startups in the early stages often lack the capacity to staff a compliance department to fully comply with regulations.

Since the financial services industry is subject to strict regulations, it’s in the best interest of fintech companies to stay abreast of the regulations that apply to their business and of how to meet compliance requirements efficiently and effectively. What are the top 5 rules that fintechs need to know?

Due Diligence, Money Laundering, and Terrorist Funding

Fintech companies, like their incumbent counterparts, offer products and services that could potentially be used by organized criminals or terrorist groups to launder money. Therefore, the vast majority of jurisdictions around the world have regulations in place that deal with know your customer (KYC) due diligence, anti-money laundering (AML), and counter-terrorist funding (CTF) measures to detect and deter suspicious activity.

Startups operating in the U.S. could be subject to oversight from a number of different federal regulators, such as the Office of Foreign Assets Control (OFAC), the Financial Crimes Enforcement Network (FinCEN), and the Securities and Exchange Commission (SEC). In other countries, there is the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC), the UK’s Financial Conduct Authority (FCA), and the Australian Transaction Reports and Analysis Centre (AUSTRAC).

Data Protection

Although the details may vary, many major countries already have some kind of rules on the books to protect consumer data. In Canada, the Personal Information Protection and Electronic Documents Act (PIPEDA) ensures the protection and proper use of personal information. The UK has the Data Protection Act, which is enforced by the Data Protection Authority. For the U.S., the Federal Trade Commission (FTC) is primarily responsible for consumer privacy, but the Consumer Financial Protection Bureau (CFPB) has also intervened in cases involving the use of consumer data by fintech firms.

There are also bilateral agreements in place between different jurisdictions, such as the Safe Harbor agreement between the European Union (EU) and the U.S., which was recently replaced by the EU-U.S. Privacy Shield.


Payments

As the lifeblood of the modern global economy, the payments system is protected worldwide through a multitude of regulatory regimes. The rules that a payments service provider must follow vary depending on the country where it wishes to operate.

One of the most commonly discussed regulations is the second Payment Services Directive (PSD2) in the EU. Among the main objectives of PSD2 are to ensure the preservation of payment security and consumer privacy and to create a more balanced regime that is fair to both fintech and traditional incumbents.

For a visual overview of the key regulatory and industry initiatives for payments, the World Payments Report provides a helpful guide.

Asset and Wealth Management

An emerging fintech trend in the asset and wealth management industry is the rising popularity of robo-advisers. These automated investment services can provide considerable cost savings for investors, making them more attractive to those with smaller portfolios.

Overall, fintech firms in the asset and wealth management category must comply with the same regulations for AML, KYC, and CTF. This includes establishing an AML program, reporting any suspicious transactions, and monitoring for activity by politically exposed persons.

Peer-to-Peer Lending

Peer-to-peer (P2P) lending is an area that has had its share of controversy. China is toughening its rules governing P2P lenders after several occurrences of serious fraud, and the U.S. is taking a closer look at its existing regulatory regime in light of concerns raised about lending practices.

The UK, on the other hand, already has a clear set of rules in place that have been written specifically with P2P lending in mind. The FCA requires that online lending platforms provide a detailed explanation of the risks to potential investors.

How RegTech Can Help

In an environment filled with increasingly complex regulations, especially for businesses operating in multiple countries, there is still hope. Regulatory technology (RegTech) has emerged from fintech and come into its own as a means of helping companies better manage their compliance programs. There are many areas in which RegTech can help, such as real-time transaction monitoring, identity verification, and staying abreast of regulatory changes.

“Now that fintech is reaching critical mass, regulatory supervision is needed to protect consumers and ensure stability,” said Jon Jones, President at Trulioo. “Just as fintech is streamlining the way that financial services are delivered, RegTech can do the same for regulatory compliance.”